Skip to main content

Documentation Index

Fetch the complete documentation index at: https://developer.prove.com/llms.txt

Use this file to discover all available pages before exploring further.

Definition

Prove publishes server-side SDKs for Go, Java, .NET, TypeScript, and JavaScript. Other stacks use the same HTTP operations documented under Reference (for example POST /v3/start, POST /v3/validate, POST /v3/challenge, POST /v3/complete).

Installation

Packages and dependency coordinates by language: 
# The Go library is hosted on GitHub so you can use this command to import it
# to your Go application.
go get github.com/prove-identity/prove-sdk-server-go

# Ensure you import the SDK in your code like this:
import (
	provesdkservergo "github.com/prove-identity/prove-sdk-server-go"
	"github.com/prove-identity/prove-sdk-server-go/models/components"
)

Authentication

The SDKs authenticate to Prove with OAuth 2.0 using a client ID and client secret (for example from environment variables). Example client construction: 
clientID := os.Getenv("PROVE_CLIENT_ID")
clientSecret := os.Getenv("PROVE_CLIENT_SECRET")

proveEnv := "uat-us" // Use UAT in US region.

client := provesdkservergo.New(
	provesdkservergo.WithServer(proveEnv),
	provesdkservergo.WithSecurity(components.Security{
		ClientID:     provesdkservergo.String(clientID),
		ClientSecret: provesdkservergo.String(clientSecret),
	}),
)
Token lifetime: OAuth access tokens expire after 60 minutes; obtain a new token before expiry.

Next field

Responses include a Next value that indicates the next SDK or HTTP operation for the active flow.

Start()

Initiates a Prove flow. Accepts flow type, phone number, and optional challenge hints (often from a server route such as POST /initiate). Required parameters
  • Flow typedesktop or mobile (device class for the flow).
  • Final target URL — Required when flowType is desktop. Maximum length 128 characters. Instant Link redirects the customer to this URL after the link is opened.
Possession behavior by flow type
  • desktop: Instant Link performs the possession check.
  • mobile: Mobile Auth when enabled, then OTP as fallback.
Session timeouts (from SMS send): Instant Link 3 minutes; OTP 2 minutes.
Optional parameters
  • ssn — Full SSN or last four digits. May be supplied on Start() or Challenge().
  • dob — Date of birth: YYYY-MM-DD, YYYY-MM, or MM-DD. May be supplied on Start() or Challenge().
  • allowOTPRetrytrue allows up to three OTP entry attempts; default false.
Client behavior for OTP retries must match the Pre-Fill implementation guide — request new OTP code.
ctx := context.TODO()

rspStart, err := client.V3.V3StartRequest(ctx, &components.V3StartRequest{
	FlowType:       "desktop",
	FinalTargetURL: provesdkservergo.String("https://prove.com"),
	PhoneNumber:    provesdkservergo.String("2001001686"),
	Ssn:            provesdkservergo.String("8370"),
})
if err != nil {
	t.Fatal(err)
}
Returns
  • Auth token — Short-lived JWT for the current flow; passed to the client Authenticate() method for possession checks.
  • Correlation ID — Identifier for this flow; include on Validate(), Challenge(), and Complete() for the same session. Correlation context expires 15 minutes after Start() returns. Useful for troubleshooting.
  • Next — Next operation to invoke.
In Sandbox, the phone number must identify a configured test user. Omitting it or using a non-test number can yield no test user found matching the phone number.

Validate()

Validates possession after the client signals completion. Parameter: correlation ID from Start() (often from a server route such as POST /verify). 
rspValidate, err := client.V3.V3ValidateRequest(ctx, &components.V3ValidateRequest{
	CorrelationID: rspStart.V3StartResponse.CorrelationID,
})
if err != nil {
	t.Fatal(err)
}
Returns
  • successtrue if mobile validation succeeded; otherwise false.
  • challengeMissing — When true, the flow requires Challenge() with the collected inputs.
  • Phone number — Validated E.164 value when present.
  • Next — Next operation to invoke.
When challengeMissing is true, collect SSN (last four or full) or DOB on the client unless those values were already sent on Start().

Challenge()

Runs when possession succeeded but identity challenge data is still required. Requires the correlation ID from Start() and the challenge fields (aligned with optional Start() parameters such as ssn and dob). 
rspChallenge, err := client.V3.V3ChallengeRequest(ctx, &components.V3ChallengeRequest{
	CorrelationID: rspStart.V3StartResponse.CorrelationID,
	Ssn:           provesdkservergo.String("565228370"),
})
if err != nil {
	t.Fatal(err)
}

Complete()

Final verification call after the customer confirms or edits their information. Parameters
  • Correlation ID — From Start(); must match ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$.
  • Individual — Customer attributes as a structured map. 
rspComplete, err := client.V3.V3CompleteRequest(ctx, &components.V3CompleteRequest{
	CorrelationID: rspStart.V3StartResponse.CorrelationID,
	Individual: components.V3CompleteIndividualRequest{
		FirstName: provesdkservergo.String("Tod"),
		LastName:  provesdkservergo.String("Weedall"),
		Addresses: []components.V3CompleteAddressEntryRequest{
			{
				Address:    provesdkservergo.String("39 South Trail"),
				City:       provesdkservergo.String("San Antonio"),
				Region:     provesdkservergo.String("TX"),
				PostalCode: provesdkservergo.String("78285"),
			},
		},
		Ssn: provesdkservergo.String("565228370"),
		Dob: provesdkservergo.String("1984-12-10"),
		EmailAddresses: []string{
			"tweedalld@ehow.com",
		},
	},
})
if err != nil {
	t.Fatal(err)
}
Returns
  • successtrue when customer data is returned for the verification outcome.
  • Next — In the terminal state, Done.
SDK source repositories: github.com/prove-identity. Use Watch on a repository for release notifications.

Related topics

Server-Side SDK GuideImplementation GuideClient-Side SDK GuideSet up Prove SDKs in your project